CEIDPageLock

In the summer of 2018, PC security researchers began monitoring a threat known as CEIDPageLock. CEIDPageLock is a rootkit, a threat that infects a computer at its deepest levels. CEIDPageLock is currently being delivered to victims through the RIG Exploit Kit. The CEIDPageLock rootkit was first observed in early 2018. The CEIDPageLock attack itself is a simple browser hijacker: it takes over the victim's Web browser and changes the browser's homepage to a fake version of 2345.com, a Web directory that is popular in China. The CEIDPageLock rootkit has been updated regularly and carries out a more sophisticated attack than most browser hijackers and malware of this type. In its attack, CEIDPageLock replaces various popular Chinese websites with bogus versions, which can be used to generate ad revenue and to collect the victims' data and online passwords.

Numerous Computers are Already Infected by CEIDPageLock

The vast majority of CEIDPageLock infections, about 11 thousand at the time of writing, are located in China. Besides these, PC security researchers have received reports of a few dozen CEIDPageLock infections in countries outside China. It is clear that the CEIDPageLock malware campaign is geographically targeted at this region. CEIDPageLock allows criminals to monitor computer users' online habits, deliver advertisements to victims' computers, and could serve as a starting point for more intrusive or threatening campaigns.

How CEIDPageLock Enters a Computer

PC security researchers have associated CEIDPageLock with a Trojan dropper that uses a bogus security certificate to bypass many computers' defenses. CEIDPageLock uses a driver that runs during start-up, tampering with the victim's computer in a way that bypasses commonly used security software. CEIDPageLock is packed using various obfuscation techniques designed to prevent malware researchers from investigating its code or determining how it works.

How the CEIDPageLock Attack Works

The main purpose of the CEIDPageLock attack is to redirect the victim when visiting various Chinese websites, as a way of profiting at the computer user's expense. There are several variants of CEIDPageLock, and its developers have updated this threat regularly. CEIDPageLock uses rootkit techniques to prevent the victim from detecting and removing it. This rootkit aspect is what makes CEIDPageLock particularly unusual. The use of rootkit techniques may be linked to more sophisticated or destructive attacks. Browser hijackers are considered low-tier malware, often not even classified as malware but as Potentially Unwanted Programs (PUPs). Using rootkit techniques to carry out these attacks seems like overkill on the part of the people responsible for CEIDPageLock. However, when one considers the possible ways in which criminals can profit from these attacks, the implementation of rootkit techniques may be worth it for them.

Protecting Your Computer from Threats Like CEIDPageLock

Removing browser hijackers is not usually difficult and can often be accomplished by running a scan with a security program and then restoring any Web browser settings that the intruding software changed. However, in the case of CEIDPageLock, which uses advanced rootkit techniques in its attack, removal may be much more difficult. When dealing with CEIDPageLock, PC security researchers strongly advise computer users to ensure that their security software has anti-rootkit capabilities. Sometimes, a separate security application should be used to remove CEIDPageLock and threats like it. Since the main way in which CEIDPageLock is delivered is through the RIG Exploit Kit, which may be hosted on questionable websites, using real-time anti-malware protection and being cautious about the websites one visits are fundamental to preventing attacks like CEIDPageLock and avoiding becoming a victim of online exploit kits.
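The two behaviours described above, a homepage swapped for a fake 2345.com and the need to check browser settings after cleanup, both come down to the same question for a defender: do the browser's start-page settings still point at the sites the user expects? The script below is an added example, not code from the original article or from any security vendor, that audits a snapshot of such settings against a small allow-list and flags look-alike domains (a brand name in a foreign domain, or a typo-squat within edit distance 2). The allow-list, the registrable-domain heuristic and the settings snapshot are all constructed assumptions; a real tool would read the settings from the browser's profile and use the public-suffix list.

```python
from urllib.parse import urlparse

# Allow-list of domains the user expects as a homepage. Assumption: maintained
# by the defender; the article only names 2345.com as the impersonated site.
KNOWN_GOOD_DOMAINS = {"2345.com"}

# Constructed snapshot of browser start-page settings, not real data.
SAMPLE_SETTINGS = {
    "homepage": "http://www.2345.com/",
    "new_tab_page": "http://2345-portal.example/",
    "default_search": "http://www.2354.com/s?q=",
    "startup_page": "https://example.org/",
}


def registered_domain(host):
    """Crude registrable-domain approximation: the last two labels of the host.
    A production tool would consult the public-suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch typo-squats such as 2354.com for 2345.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, known_good=KNOWN_GOOD_DOMAINS):
    """Return one of 'legitimate', 'lookalike', 'non-http' or 'unrecognized'.

    'non-http' covers javascript:/data:/file: start pages, which are never a
    normal homepage; 'unrecognized' means the domain is simply not on the
    allow-list and needs a human decision."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return "non-http"
    host = parsed.hostname or ""
    domain = registered_domain(host)
    if domain in known_good:
        return "legitimate"
    for good in known_good:
        brand = good.split(".")[0]
        # Brand embedded in a different registrable domain, or a near-miss spelling.
        if brand in host or levenshtein(domain, good) <= 2:
            return "lookalike"
    return "unrecognized"


def audit_settings(settings, known_good=KNOWN_GOOD_DOMAINS):
    """Map each setting name to its verdict so a cleanup tool can act per entry."""
    return {name: classify_url(url, known_good) for name, url in settings.items()}


if __name__ == "__main__":
    for name, verdict in audit_settings(SAMPLE_SETTINGS).items():
        print(f"{name:16} {verdict:12} {SAMPLE_SETTINGS[name]}")
```

Run against the constructed snapshot, the homepage is reported as legitimate, the new-tab and search entries as look-alikes, and the startup page as unrecognized. The point of the 'unrecognized' verdict is that an allow-list check should never silently pass a domain it does not know; after removing a rootkit-backed hijacker, every entry that is not positively legitimate is worth restoring by hand.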
